Those statistics are scary but there is some good news to be found in the report: the numbers are actually down from the previous year. The reason? It’s very likely the result of an increased awareness from consumers together with increased protections in place from industry and government. That includes efforts like the Internal Revenue Service (IRS) “Taxes. Security. Together.” campaign. The more you know about how to protect yourself, the better chance you have to not be a victim.

Understand that public wi-fi access really does mean public. When you’re sitting in Starbucksor your local library, be careful: your data may be vulnerable to interception. Don’t connect to an unknown WI-fi connection (make sure that it’s legitimate). If you have an alternative connection available like using cellular data, consider using that instead. If you must connect using public wi-fi, use a VPN (virtual private network). And save the really sensitive data – like online banking – for later. It really is best to avoid websites that could expose your passwords or financial information to potential cyber-thieves on public connections.

Take care with private documents. With so much emphasis on internet security, it’s easy to forget to safeguard paper documents. Don’t be careless with credit card statements, bank receipts and copies of tax returns. File the copies you need and shred the ones that you don’t.

Keep your mailing address current. We’re an increasingly mobile society. It’s rare that you’ll retire in the home that you start out in: chances are, you’ll switch addresses more than once. When you do move, make sure that you contact your financial institutions, credit reporting agencies and tax authorities so that your mail doesn’t end up in the wrong hands. To easily change your address with IRS, file a federal form 8822, Change of Address (downloads as a pdf): allow plenty of time for processing. You should also file a change of address with the US Postal Service; you can make the change online here.

Keep an eye out on bank and credit card statements. You don’t have to be obsessive but do check your accounts from time to time to make sure that the recorded transactions are actually yours. Investigate and immediately report any suspicious activity.

Don’t give away the store online. Companies that do business over the web love gathering your data. That data helps them make decisions about marketing which means the more data they can glean, the better – for them. When making purchases or signing up for newsletters, only provide the information that the company needs: you don’t have to give out all of your information. When you do opt in to offer personal information, check the site’s privacy policy to find out how that information might be shared with other companies.

Use smart passwords. I know how hard it is to keep track of passwords these days. Chances are, you have a number of websites that require passwords and it can be tempting to cut corners. Don’t. Use secure passwords (make sure yours isn’t on this list of terrible passwords) and update them regularly. Don’t use the same password for multiple sites; to help you keep track, use a password manager like LastPass.

Be careful with games and memes. I love games and quizzes and memes. I really do want to know what Disney princess I could be (Belle, of course, because she loves books) or my rock star name (Sage Volt, apparently). Playing those games is good fun. But be careful when games and memes ask for personal information like your mother’s maiden name or the street you grew up on. Those questions seem innocent but can be attempts to secure out of wallet information used to figure out your password or otherwise gain entry into your online accounts. If you’re asked for that kind of information – even if it feels like it’s meant to be fun – think hard before clicking and for heaven’s sake, don’t post those details on social media.

Don’t fall for phishing and other scams. Phishing often comes in the form of an unsolicited email or a fake website that poses as a legitimate site (like those pretending to be IRS) in order to get you to disclose your personal or financial information. Don’t follow any links from these e-mails to any websites where you might be asked for your personal information. Verify that you’re on a legitimate site before sharing your data; if you must access a particular site, log out from any links that you’re not sure about and navigate directly to the site instead. And remember: the IRS will not initiate contact with you by email (or phone) to discuss your account.

Be stingy with your Social Security Number. These days, many companies ask for your Social Security Number not because they need it but because they want to use it as an identifying number. That’s not the intended use. Before you give out your Social Security Number, determine whether the company really needs the information – and why. If there’s not a legitimate purpose, don’t provide your Social Security Number when asked and don’t submit it online. (For more on Social Security numbers and privacy, click here.)

Monitor your credit report. By law, you’re entitled to one free copy of your credit report each year from each of the major credit bureaus (Equifax, Experian, and TransUnion): that’s a total of three reports every year (you may be entitled to additional copies if you’re the victim of identity theft). To claim your free copy, visit www.AnnualCreditReport.com or call 1.877.322.8228. Review your credit report like you do your credit card or banking statements: check to make sure that the transactions and credit requests are those that you’ve approved.

Pay attention to fraud alerts. Many banks, like mine, will alert you whenever there’s a suspicious transaction on your account. It can be a little inconvenient if the transaction is legitimate but it’s loads better than having your card actually compromised and not knowing about it. Ask if your bank or lender has fraud alerts – and use them.